Topic: [XMR] Monero Speculation - page 1241. (Read 3314316 times)

^^^That is what happens when you don't have a clue, and thus fail.

IMPORTANT ANNOUNCEMENT FOR ALL SERVICE PROVIDERS:

I basically hacked cryptonic.net today as I was able to get their wallet seed and transfer out 2380 XMR. I will of course return the funds to the owner, the only reason I transferred them out is to safe keep them from other potential attackers.

This is something that has been worrying me for a while, but it was only today after receiving a PM from a guy asking for help that I decided to go through the effort. I scanned the monero network, a total of 318 IP's on port 18082. I found 2 matches, and only 1 that I was able to attack. But there could be more vulnerable services out there running on different ports.

When you're running the wallet in rpc mode (you can do that by binding the port) for example like this:

Your wallet will be able to respond to RPC calls. What is very important to know is that the RPC calls are NOT password protected. The password I specified in my example (demo123) only protects the wallet. Once the wallet is running as rpc server it will accept incoming calls. Therefore your port 18082 MUST BE CLOSED (or whatever port you use to run the wallet server). This way you can only access the RPC from localhost.

The RPC has calls like "query_key" where you can retrive view_key or the mnemonic seed. That's what I used, but I could also have used commands like "transfer" to take the funds.

This does not affect normal wallets, only if you run it in server mode like I explained above.

As of right now I'd advise people to wait with purchases on cryptonic until the owner has responded and secured his wallet.

It doesn't appear to be any major issue at the moment as I only found this 1 wallet vulnerable, but again I don't know how many are running servers on different ports and I think it's best this info is out in the open so admins can secure their wallets correctly. It's very simple, just make sure that the port you bind your wallet to is closed.

We do not have Forbes guys owning Monero do we?

this is waht happenz if you dont have a decent wallet

ups!

IMPORTANT ANNOUNCEMENT FOR ALL SERVICE PROVIDERS:

I basically hacked cryptonic.net today as I was able to get their wallet seed and transfer out 2380 XMR. I will of course return the funds to the owner, the only reason I transferred them out is to safe keep them from other potential attackers.

This is something that has been worrying me for a while, but it was only today after receiving a PM from a guy asking for help that I decided to go through the effort. I scanned the monero network, a total of 318 IP's on port 18082. I found 2 matches, and only 1 that I was able to attack. But there could be more vulnerable services out there running on different ports.

When you're running the wallet in rpc mode (you can do that by binding the port) for example like this:

Your wallet will be able to respond to RPC calls. What is very important to know is that the RPC calls are NOT password protected. The password I specified in my example (demo123) only protects the wallet. Once the wallet is running as rpc server it will accept incoming calls. Therefore your port 18082 MUST BE CLOSED (or whatever port you use to run the wallet server). This way you can only access the RPC from localhost.

The RPC has calls like "query_key" where you can retrive view_key or the mnemonic seed. That's what I used, but I could also have used commands like "transfer" to take the funds.

This does not affect normal wallets, only if you run it in server mode like I explained above.

As of right now I'd advise people to wait with purchases on cryptonic until the owner has responded and secured his wallet.

It doesn't appear to be any major issue at the moment as I only found this 1 wallet vulnerable, but again I don't know how many are running servers on different ports and I think it's best this info is out in the open so admins can secure their wallets correctly. It's very simple, just make sure that the port you bind your wallet to is closed.

You don't really want to encourage people to start thinking of XMR as an elitist's coin do you ?

I agree Monero needs people who are spokesmen and are bringing Monero to the elite.

Of course he was answering DAO question if podcast was made right after DAO hack and was about DAO hack and how ETH will answer on it.  Why would he talk or answer on any other question beside about DAO or ETH?   He should of course not make fun of his listeners, but that is another question.

On generally on Lets Talk Bitcoin podcasting platform i saw only few podcast at least half of it dedicated to Monero. And most are 2 years old. In few others was mention briefly. Why is so i am not sure. Or Monero is not so interesting or is to hard to understand for them or they do mainly what coin marketers suggest them.  

That was me you quoted

I heard one mention about AA & zcash recently from somebody on reddit so I don't know if it's valid hence my question.

In that video right after he dismisses the Monero questions he starts answering DAO questions which are obviously related to eth so....

...

how come it was design flaw for bitcoin

...

i think you were wrong...

i speculate that monero is not good for anything, it has perpetual coin emission which reduce its value that todays 1 xmr  =/=    monero value @ year 2022.
because if we check 1 bitcoin value it will always ==  1 / total.coin(21 M), compared to monero which 1 monero ==  1  / total.coin++(M = 264 - 1 PLUS eternal subsidy forever)  

which mean if you were holding xmr then the coin value will be reduced eternally forever because the total number of coin is also increased eternally forevaaaaaaaa.